Wow one of the founding principles behind what I want to get out of writing my OS is maybe already being done, and no less, implemented in hardware which is probably the best place for it:

http://www.newscientist.com/news/news.jsp?id=ns99994215

Neato; I just hope it makes it to market and doesn't suck.

If anything, it'll be a huge leap forwards in emu/virtualization, or backward if you keep in mind that many emus in the Amiga days booted straight from hardware w/o loading an OS, thus cutting out a huge amount of overhead that today's popularized emu's and virtualization apps due. One drawback was that you couldn't run say, a Mac emu while running the amiga native stuff; this sounds like it might get away from that. Very neat.

Saw Chuck Palahniukat book shop santa cruz last night. Good talk; some of his comments on community vs. isolation have been on my mind. I have a number of friends, and I feel like I have a community of individuals with whom I interact regularly. But unfortunately, I don't get to do it IRL much anymore. Most of my core friends have moved all over the globe, and the community friends I silc with etc. I basically see once a year at CSW. Day to day human interaction is with my family & wife's friends primarily. On the one hand it's kind of a bummer - on the other - it's the conversations which are the crux of the friendships anyway, and less the in face interactions. Still, it's nice to have both. Part of the frustration with somehow having a liking in things which continually seem unpopular I guess - and then if they ever are popularized, I still feel disassociated, because they change through that process such that they've lost much of what I liked to begin with.

----------------------------------------------------

Part of the impetus for that newOS notion is from http://www.cs.bell-labs.com/who/rob/utah2000.pdf BTW. If you haven't read that you should. I think a lot of people who haven't been using computers much in their past, haven't knowingly been exposed to much variety. The Windows & Unix dichotomy is extremely dismal - as I've said to friends before, I feel like the industry has returned to where it was 20 years ago. I only hope that it will start to move forward again somehow. The installed user base is the major pain - it's also why things become less interesting I guess; pioneering stages & players interest me, masses of followers later are usually weak.

---------------------------------------------------

In continuing to listen to local pirate radio (www.freakradio.org) you hear a lot of swift people. Some author PhD guy was on a couple weeks ago, I wrote down some books he'd written but seem to have lost the paper. At any rate, he had this great analogy that went a bit like this:

Say you've got a bacteria culture, just sitting there doing its thing. Well, introduce some sugar to the culture, and it begins to grow explosively - population sores, but there are biproducts from this energy source that are detrimental to the health of the bacteria itself. Doesn't matter though, they keep eating this shit up and ultimately die off from the polluted system they've ended up in. (e.g. bacteria that produce alcohol, ultimately die from it once the concentration reached 12%).

So the analogy is to the human population. Judging from his estimates of population growth, mankind was pretty much in a static or steady growth throughout most of history - nothing much doing. Then, enter fossil fuels. Population starts to expand at a huge rate; if humans are equated to bacteria, then fossil fuels would be the sugar. And sure enough, we also have biproducts from using these as a fuel source, which are detrimental, not just to our own health - but sadly to the health of the environment around us as a whole. I find it interesting to see that this energy source analogy extends beyond fossil fuels - what's a bigger producer than that? Atomic, and the biproducts - even MORE of a threat to health. Is there really a high energy clean fuel source? Or is the sustainability & pollution factor tied to the amount of energy that can be derived? I wonder if physics might have some correlations (e.g. energy cannot be created nor destroyed; save for nuclear reaction - similarly, amount of energy transfer is related to a drain from the environment with an equally concentrated polluting factor? Bleh, crap).

------------------------------------------------------

Anyway, final bit here. Again, listening to some .mil lecture on the radio about depleted uranium, undetontated cluster bombs in Laos; basically all sorts of military waste left behind after wars. Basically - just all really destructive pollution, long term fallout from weapons.

We're starting to see the same thing on the net, all these worms, mass mailers, etc. After dugsong's last CSW talk ('02) about CodeRed and AN's /8 - this notion of a biological system started to sound more intriguing, as did notions of an immune system (counter worm, e.g. Parc, Max Vision, most recently Nachi/Welchia). Ok, but here's the thing - it's less of a biological system than it is a polluted system. The Biology is active, independent, creative. The pollution is autonomous, without guidance, and just continues in pools of stagnant shit (unpatched systems). Is it really biological in character, or is it an oil spill? I'm beginning to feel that it's more of the latter.

And where's the beef? .mil already works with virus writers on super duper weaponized virii; just as they do in the biological, chemical & explosive realms. As they move away from ammaturish features into more of an industry, the potential damage will increase, and likely the ongoing fallout as well. But why do this? The .mil doesn't necessarily _want_ long lasting damage, just immediate targetted destructions - they want the SKILLS of a true hacker, a true martial artist because of how they can effect change. But they will never get the skills, they only get the prepackaged products of the creators, and put those in the hands of the dumb grunts/politicians/suits. The products are used in situations that the creators would never use personally, and the biproducts and side effects are long lasting and extremely destructive.

There needs to be an effort on the part of those who create, who have imagination - to take a stand against this sort of thing if it's to stop, or if it's to continue along in the right direction. If you, as a creator can't take responsibility for the havoc your work could potentially unleash, then it's probably best to work on something else that you can take responsibility for. Everything is just a tool, right? It is in the hands of a 'good' or 'bad' person that good or bad is done with it. But that's not always true, some creations are predisposed to pollution & destructive natures, and it requires extreme skill to use them appropriately. I'd wager that only the people who have the skill to begin with are really fit to use them.

This is a bit in conflict with notions of openness and freedom, which I think are ultimately beneficial. But you have to put things in context, how much can be open and free will depend on the time period.

Teaching killing techniques in martial arts now doesn't need to be closed off, because guns are so much more pervasive, and require no skill.

If your technique requires extreme skill to even use, then you should have little fear of releasing, discussing, documenting it. If on the other hand it's a braindead technology - you should take extreme cares to insure that chances for failure, fallout, pollution are kept to a minimum - because they will be used extensively.

The biggest problem, is that sometimes you can't forsee whether something will become ubiquitous ahead of time, and so that by the time you realize that you should have revised things before their release - it's too late, and everyone is running around with a gun, or we're stuck with fucking TCP/IP. The energy required to then rectify things is enormous, and it can't supplant the old, without still embracing it - which just makes it more complicated, and often suffers from the same problems as a result. The infection persists - do even thoughts work this way as memetics would dictate? Some thoughts should be guarded closely as a result one would think....

Needed to get some ideas down... moving again and again has really screwed things up for my home computing life - so this is it for now; no time or motivation to bitch at megapath for fucking up; no time or space to unpack and plug things in. On the other hand moving has been a blessing as I've simplified, all my crap is in boxes. That and I've actually started to solidify my notions of what I -need- to be fucking doing, beyond realizing that I can't keep postponing shit because I'm not going to be really settled, I've been _doing_ things because I can no longer wait to get settled. One major annoyance is that I'm going to need to figure out the best way to rectify that for programming, because the laptop I was using from work I'm giving up in a week because I'm getting a new one and my current one is shifting down. While I'm getting the hang of minimizing, simplified and solidifying, I've realized that a few things need to be stable. Ergo, I -need- a personal machine that I can use at any time and keep with me. A laptop is going to cost me a bit which I'm pissed about, and I'm also pissed about the timing because I would like to wait for an amd64 thinkpad or something spiff. This means that for a month or two at the least I'm going to be sitting on my hands as far as actually having a personal laptop, and I'll be dealing with cumbersome crap like writing stuff on my soekris, or within VMWare or other bullshit like that, and I hate that.

Anyway, baguazhang is going really well - it's so refreshing to be _doing_ something that I'm unfamiliar with, screwing up, correcting mistakes, and progressing. Having it twice a week helps too as it -happens- I can't shrug it off because my mood isn't quite right. The philosophical parallels between the martial end of computing (sec/hack/whateverthefuck) are nice to think about too as I have moments to contemplate (usually when driving).

On the programming front, I picked up K&R used and already it's a bit of a relief from pcp - I like the emphasis of a small book fitting a small language; some of the tomes out there just seem like total overkill. Not to mention, where I'm at - I need to work on small things. I'm trying not to get distracted, notions of trying to build everything from the ground up (e.g. try piecing together an assembler, then maybe a compiler, etc.). Anyway - that's starting at a level that I'm not ready to tackle, so just like martial arts I'm trying to follow someone else's example first (doing book exercises) and then as I become more comfortable move to the next step. After the external stuff gets good the internal bits begin to follow a little more, and so the inversion of starting with the abstractions and then moving over time to the minutia of the experienced might pan out.

Then again, I'm just talking out of my ass, as I'm a beginner in both respects.

That said - I have a few ideas I've been meaning to write down. The recursive/emulationOS notion has been invading my thoughts more and more and feels like something that's worth pursuing. I'm going to start with a bootloader, whether through modifying bits of other people's or writing one from scratch, probably both.

Some thoughts about what I want to do...

. Bootloader portion... have some stuff from the get go, spit stuff to the serial port for one; option to encrypt the disks as another; on the serial port end - maybe even intercept portions of video signals to mimick a realweasel or cyclades card in software [no BIOS, but it could get you somewhere].

For the OS portion - start with just an x86 emulator running off the bootloader... it'll evolve from there, broken down, done again and so on undoubtedly if it progresses. There's going to need to be some real thought put into how to abstract things - video cards, NICs, hdd's, fuck - everything hardware might benefit from an abstraction. This can provide some real benefits just thinking about the hdd, for one you could allow the hdd to store images for the emulation portion, or you could use the bootloader portion and just boot it directly [perhaps with some lite residual disk interpretation, e.g. some of the crypto hardware bits]. I almost wonder sometimes if the goal wouldn't be even better realized within hardware altogether. Maybe long term future that would be ideal [emplant, hardware designed for the OS, comes to mind bleh] Regardless, software will need to come first. Some kind of inspiration from scitech's SPAN and kgi/ggi (which I just heard about this week thanks to todd) is likely to be of use - but don't just do it for video cards - do it for everything. Not only will this help from an emulation standpoint, but it will help longer term as it hopefully evolves into an OS.

plan9 research has been pretty intriguing... need to read more about TRON and mach too. My hope is to take best practices across disciplines and merge them together - I hope it will be very small and fast. The licensing needs to be as liberal as possible, public domain if possible; though I know if others are going to contribute BSD/MIT for credit might be necessary at a minimum - I'd rather leave that to those contributors. I'd rather avoid anything more restrictive [e.g. gpl]. I just don't see how there's any hope of a wholely new platform/OS competing with previous OS's if compared against its competition:

A. it costs more [so it must be $0]

B. it's with a more restrictive license [so it must be PD].

C. it doesn't run what you already have [so it must have a complete emulation component]

D. It doesn't do things *natively* better than what you were used to before [so it must be more secure, more stable, more reliable and much faster].

The A-D in brackets are basically the design criteria in my mind for any new OS that even hopes to compete in the future, we already have to deal with the non-bracketed portions and it fucking sucks computing has become fucking entrenched in its own installed user base morass. It's like the phone system, a complete piece of shit compared to what you can do today - but we're still dealing with it. The only way we can junk the old is by ensuring compatibility with the old, but the ultimate appeal is by offering something that you just can't get with the old. The internet did this - let you communicate with others, in ways you couldn't before. Sadly, it's now at critical mass, and changing it is going to suck fucking eggs. Oh, and did I mention that TCP/IP needs to go away? It's an irony, your ideas finally get widespread usage, but 30 years after they were originally envisioned, and in those 30 years lots of ways of doing the same thing a lot better have occurred, but you can't just supplant the whole thing... or can you? With the right planning at the onset, perhaps you can make it simple enough to be flexible enough to endure time... there's a mystery there somewhere... maybe I'm wrong about the failings of the past in some respects. I will say that _some_ things they nailed perfectly; other things are getting severely fucked though. It's like many people's feelings about the political and corporate state of affairs - the mechanisms have been abused, and the people are suffering while fuckwits benefit. You're disenfranchised, you feel like the mechanisms in place to fix things aren't working - and you're right. So, what do you do? You need to break out, do you OWN thing. Then you will see the others who are in the same state and you can collect together, and together you might have some hope in time of effecting the change you wish to see. Perhaps the movement becomes a kindling for the masses and revolution occurs, the cycle goes on. Sadly, the revolutions really evolve very little - but sticking to your own things, and realizing your own ideals will be more satisfying, you can lead your life & hopefully those of your family, friends and colleagues in a manner that is satisfying, despite the turmoil and bullshit that the world is facing. Perhaps you can help to push back the worst of the tyrants a little... improving things a bit, or at least preventing the worst. You still need to be aware of the others, protect life & justice, work towards preventing our own extinction because if we can keep on long enough - we can rise up above our bacterial blooming and not kill ourselves off.

Wow I wandered... anyway I really think a new paradigm needs to occur - Winshit and Unix are crap and ancient respectively, and they're the only things really running right now (linux, OSX in the unix camp). My fucking Amiga was a more usable machine than anything made in the past ten years practically and that's complete bullshit.

I swear, this is starting to turn into a string of diary entries all about ssh. (Although, I must admit that I only came back here to check on some previous writing related to that same topic). Thanks for certifying me jolan! (It scares me that people are reading this and actually acting on it; then again I only got motivated to rediscover my password after jolan mentioned the site months back).

OK - so current status, and what I wanted to post on. A FRIGGING SCPONLY SHELL ALREADY EXISTS! Don't get me wrong, I think this is AWESOME!!! I do find it weird that it's actually _called_ scponly too.

URL is: http://www.sublimation.org/scponly/

Moreover, this guy has been cranking at it for a while and not only has sftp going, but also has WinSCP support & chroot abilities. As tet would say, tres cool. And check it out, there's even another similar project:

http://pizzashack.org/rssh/

rssh explicitly states no BSD support [tell me how braindead that seems when it's meant to work with OpenSSH that was designed primarily on and for a BSD], but I guess it can be cobbled together to work. Not sure if the "real" scponly works, I've only downloaded and started poking so far [license is _almost_ BSD, but not - it'd be really nice if people stuck to standard license paradigms y'know?].

Anyway very exciting, I am going to have to play around with this a bit.

Blurted out my previous stuff in front of some others, and learned that I'm not in a vaccuum as jolan had already read my previous paper-jot, pedro seemed to think I should try to formalize it a bit as it sounds like an interesting idea. So, I'll do just that [which is one of the reasons I came back here].

Nice to see that one of the pieces might be a bit better fulfilled than I had conceived already though, and heck I didn't even lift a finger. I just wonder why the hell I never found it before [I swear that in my extensive googling in the past I must have tried scponly before]. Seriously, scponly, plus resume, plus maybe some more advanced file perms thingy would be super neato. Astalabyebye to FTP clingers-on for just a couple of features.

On a different note - there was a time [long ago] when I felt frustrated because I didn't have many interesting ideas to work on. Now that I seem to be having a few, I find it substantially more frustrating to have interesting ideas, and not be able to implement them. But hey, I'm working on it - now up to chapter 4 exercises in pcp; oh and pakuachang begins next week r0^r!!

Despite my best intentions, this might temporarily be a place for me to just get down some ideas short version of why is due to another imminent move; moving makes it hard to get one's network set up. Yet another reason for why I really need to do a colo somewhere decent. Of course that requires time & money to get organized with - and I will have neither until after the move. That said.

I had another brainstorm on scp&sftp resume support this morning. One pain in the ass problem with ftpd's & resume is that you need to give people overwrite permissions - but if this is say, an anonymous upload dropsite, you don't want some dick overwriting all your files. Since SCP/SFTP have a key exchange at the beginning though - and since everyone will have a different public key, then even though account-wise they'll all be anonymous, you _can_ actually distinguish between people who should be able to "overwrite" (really, resume) their files, and people who are just trying to be malicious and fuck with other people's stuff. So, if there's a match on the public key received, you say - "oh yeah, please finish uploading that file that got screwed," and if it's not you say - "sorry, you're not the droid we're looking for, try resuming your own files." I realize that this is a bit in the face of p2p crap - but I'm trying to think of security first; if this idea ever gets further than the idea stage, that would merely be default behaviour - a site admin could always override it allowing people to overwrite anyone's files, or you should be able to have granularity to do it file-by-file. One thing (might already be there for scp) is to do like a sha-1 of a file before xfer, and then have the remote end sha-1 it after completion to improve the likelihood of file integrity too. That's an older idea, and could maybe be done in other ways.

Some hangups - I spoke briefly with Niels the other day about resume support - and he said that theo had some gripe about adding it (some BS about malicious jazz - but hey, the ftp stuff in OpenBSD support resume, why should scp be so different in that functionality I wonder? Need to hear more details). Niels was going to bring it up again with markus, but I get the feeling that it might not happen. Or, if it does, not in an official OpenSSH branch (for now at least). Still really disheartening to see effects of the fallout even now, even though I'm just a user.

Meanwhile, this is really just a wishlist. I'm getting back into programming, but it's been ... like 9-10 years. My biggest frustration right now is that I have a -lot- of ideas, but no skills to actually know how to implement them. Still, I have to say that this year's CanSecWest & meeting jose & jsyn in person in particular was extremely inspirational. (Anecdotes at a later date perhaps).

--------------------------------------

Some other things I want to see out of SCP/SFTP server in the future:

- No need for a real shell [see earlier discussion]; ideally even have something like a chroot & fake 'accounts' akin to ftp4all - I don't want the users to have real access to the system at all, that way too you could have fs granularity like ftp4all that's beyond what the system sees, because it's handled more by .

- Resume support [discussed in greater detail above].

- Maybe intelligently set the dumpsite to a noexec partition, dunno if it would really help much; but something to peak into. Could also systrace everything to limit file creations strictly to a partition.

- Maybe _maybe_ put rate limiting support into the application [I know, this can be done in altq etc., but especially if this is aimed more at file xfers - you don't want it to interfere with your standard ssh or tunnelling priorities in all likelihood].

-------------------------------------------------------

Enough spew for now, I really need to get this stuff off advogato at a personal colo soonish.

Was at Networld+Interop last week. I am quite loathe towards trade shows. Highlight of the event was actually telling my idea for an inverse-KVM to Avocent & Startech. The fellows at the Startech booth eyes lit up and they said "That's a -really- good idea." Well, I knew that already - but hopefully they'll actually implement it.

My only hope is that if they do they'll offer up some sort of BSD licensed driver/software.

For those curious about what I'm talking about (not that I imagine many people are reading this). How many times have you wanted to plug into a headless machine but didn't want to lug around a monitor, keyboard and mouse? Note, if you are using a serial console this is a moot point (one reason why non-x86 stuff still has advantages in the server world for sure).

Anyway, you have a laptop, right? It's already got a video display, a keyboard and some kind of pointer (touchpad, trackpoint). Why not just use that? Long ago, I thought gee it'd be nice if a laptop just had an input mode [like the Fn-output key mode to display to a video projector]. That's not very universal though. Soooooo, better yet - make it a PCMCIA/Cardbus/Newcard/whatever card with a squid cable that extends to a VGA, PS/2 [or USB, or hell we could do other crap ass stuff like ADB or Sun]. Then you just interact with the headless machine using your laptop. So, inverse KVM is the best way of describing it.

It would be incredibly useful for any IT person, and I doubt it would even cost more than a few hundred. Pack in an option to have multiple different cable types [so you're not bound just to VGA/PS/2] and it would be super duper useful.

Like I said, the folks at the Startech booth actually seemed to -get- it, so hopefully they'll build it. As long as they kept me in the loop [just to let me know it had been made] maybe gave me some credit somewhere and released a BSD/MIT licensed driver I would be stoked.

2003-3-31
Finally posted the 2940UW to double-p. Unfortunately, I still have yet to find a new packing box for the us5 for henning (the one I used is too large to post internationally).

Jolan cleaned up a shell given to me from a classmate that might solve my anonymous scp hopes. Must check with the classmate to see if he'll let it go on a BSD license. More ideally would actually to find a way to write a replacement myself, since I could use the practice - and this shell will need some additional features to be useable with WinSCP [at the least, maybe Fugu would work better]. Also, my guess is that despite the similarities between scp & sftp - that sftp won't work with this workaround.

As far as whether this is actually secure... not sure. Ostensibly this could be bundled together with a stsh type doodad, thereby allowing for further locking with systrace. That might be the 'safest' way to try to get this to work, as it is a bit odd.

So, one more reason to try to write my own. Seems like I recall a friend in a class writing his own shells as an assignment long long ago, nowadays even google doesn't turn up resources [shell scripting != writing a shell].

Word, got my advogato password back after emailing raph; I created this account a while back and picked something I definitely wasn't going to remember (ah well).

I have fallen prey to my hardware donation addiction again, the marathon us5 firewall box I got for a $275 song I'm going to ship to henning as he can do more with a sparc64 development-wise than I can. At least this time it will be more straightforward than the nate & costa hardware donations, since I have the hardware in hand. Of course, afterwards I will no longer have any sparc64 arch of my own; but ebay seems to have some similar [if not better] items for about $300. Still, $600 or so in the hole after that to get me back to where I was before I offered this to henning. I keep telling myself to stop donating stuff to OpenBSD that I don't have for myself yet. Maybe someday.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser
code is live. It needs further work but already handles most
markup better than the original parser.